You're exactly right -- and I would also say that many organizations would love to eliminate the expense of an MDM solution as well, so while the use of ActiveSync and Active Directory as mechanisms to manage and control Knox/SAFE devices is promising, once again you're limited to Samsung-certified devices (i.e., their own, and really just their flagship products at this point). I think that it's fairly inevitable that organizations will have to have an MDM solution if they're going the BYOD route (most people I talk to have stopped resisting). The beauty of the Samsung approach is that it is all enabled through the major MDM players (MobileIron, SOTI, AirWatch, etc. -- I know the ones I leave out of this list are going to send me e-mails, but I don't have the list in front of me). Those MDM players will offer some semblance of a.) support for other devices, including other platforms b.) use of the Knox/SAFE APIs (I'm not sure whether any are using even half of the 700 or so Samsung touts). So for shops that want to allow all platforms (whatever their employees want to bring), most of those will be supported by MDM, and then IT can say "we encourage using Samsung devices that are Knox certified." And it's not like they're asking employees to cripple themselves because Samsung has some of the best smartphone technology anywhere -- it's likely we'll see something pretty exciting on March 14 with the Galaxy SIV.

Samsung's container is probably more equivalent to what VMware has, and with it the user chooses what IT can/can't see. How secure those containers (work vs personal) are from one another remains to be seen, and one would hope that each runs in its own sandbox. Most of the other items will have to be examined by security experts, but Samsung is seeking FIPS compliance, and thus the blessing of government agencies like the DOD, so I would imagine things are pretty secure. Samsung isn't providing things like an enterprise app store, which can help on the Android malware front, but they are allowing the ability to blacklist and whitelist applications, and there will be more on this front.

None of these things will prevent users from doing stupid things, like clicking on malicious links. I talked to one company at Mobile World Congress this week (Cloudmark) that is in the business of secure SMS and I hadn't realized what a problem malware and even botnets have been using SMS -- I guess people still haven't learned, and it seems these things will get worse and more insidious.

Fritz, even though Android/Samsung has the lion's share, there will always be the outliers/execs/salesfolks who insist on their iPhone or Win8 phone (it is BYOD after all). So the issue remains of having to utilize multiple tools or have support for non-Samsung devices in the tool... How do you see this playing out, since IT isn't looking for MORE tools, just ONE great MDM solution for all their BYOD (within reason)?

Fritz... When I met with Tim Wagner at CES, he alluded to how the company was about to launch a major campaign around the SAFE APIs. Not that we would normally give coverage to advertising moves like that. But the approach Samsung is taking is reminiscent of the hugely successful and long-running Intel Inside campaign. To me, this is significant because it's making Samsung look as though it's completely unchallenged on the MDM API (on Android) front. Even our own CIO admitted to me that he liked the comfort of knowing that some number of our BYODers had SAFE-compliant phones (compared to those that are barely manageable, relatively speaking, via ActiveSync).

I'm curious to know how the TrustZone technology works in comparison to virtual machine technology of the sort that VMware and Cellrox have shown.
